Add in missing read permissions for organization audit role (#15318)

* Add in missing read permissions for organization audit role

* Add missing audit permission, special case name handling

awx/main/tests/functional/dab_rbac/test_access_regressions.py

@@ -21,3 +21,21 @@ def test_notification_template_object_role_change(rando, notification_template,
     rd.give_permission(rando, notification_template)
     access = NotificationTemplateAccess(rando)
     assert access.can_change(notification_template, {'name': 'new name'})
+
+
+@pytest.mark.django_db
+def test_organization_auditor_role(rando, setup_managed_roles, organization, inventory, project, jt_linked):
+    obj_list = (inventory, project, jt_linked)
+    for obj in obj_list:
+        assert obj.organization == organization, obj  # sanity
+
+    assert [rando.has_obj_perm(obj, 'view') for obj in obj_list] == [False for i in range(3)], obj_list
+
+    rd = RoleDefinition.objects.get(name='Organization Audit')
+    rd.give_permission(rando, organization)
+
+    codename_set = set(rd.permissions.values_list('codename', flat=True))
+    assert not ({'view_inventory', 'view_jobtemplate', 'audit_organization'} - codename_set)  # sanity
+
+    assert [obj in type(obj).access_qs(rando) for obj in obj_list] == [True for i in range(3)], obj_list
+    assert [rando.has_obj_perm(obj, 'view') for obj in obj_list] == [True for i in range(3)], obj_list

awx/main/tests/functional/dab_rbac/test_translation_layer.py

@@ -35,7 +35,6 @@ def test_round_trip_roles(organization, rando, role_name, setup_managed_roles):
     """
     getattr(organization, role_name).members.add(rando)
     assignment = RoleUserAssignment.objects.get(user=rando)
-    print(assignment.role_definition.name)
     old_role = get_role_from_object_role(assignment.object_role)
     assert old_role.id == getattr(organization, role_name).id